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(54) Titl*: NETWORKED SECURITY SYSTEM FOR NETWORK-BASED MONITORINa AND CONTROL OF AN ENVIRONMENT 
(57) Abstract 

A networked security system for network-based monitor- 
ing and control of an environment is disclosed. Hie networked 
security system includes: 1) a site control unit (320) for moni- 
toring and controlling devices (322) in an eiwironment, the site 
control unit (320) ftirther includes a site system conixollcr for 
assembling device information into data packets for transfer on 
a network (310); and, 2> a user system (3)4) ccmncclcd with the 
Bite control unit (320) via the network (310) for receiving the data 
packets from the site control Unit (320) via the network (3!0) and 
for processing the data packets far access for networked user. 
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NETWORKED SECUIUTY SYSTEM FOR NETWORK-BASED 
MONITORING AND CONTROL OF AN ENVIRONMENT 

KACKGROUND OF THE INVENTION 

1. Field of the Inveatjon 

The present invention relates to the field of security systems* computer 
networks* and remote control systems. 

2. Description of Related Art 

Conventional security monitoring and control systems typically use direct 
point-to-point connections between a monitored location and a central control 
facility. In many of these conventional systems, a hard-wired direct connection 
between a site control unit at the monitored location and the central control 
facility is used. In other conventional systems, a point-to-point telephone line i^^ 
used to u:ansmit data between a control device at the monitored location and tbn^. 
central monitoring facility via a modem. In still other conventional application.^ 
wireless tratisroission and receiving apparatus is used to transmit security datii 
between a monitored location and a central control facility. In many 
circumstances, however, the bandwith limitations imposed by the wireles;^ 
apparatus or the telephone infrastructure limits the amount and type of data that 
can be transmitted from the monitored location and the control facility. Foi 
example, many of these prior art systems are unable to transmit video as part of 
the transmitted security information. 

Although these conventional security systems provide a means foi 
transmitting security mformation to a remote location, the remote location cannot 
be arbitrarily defined. For example, many security systems are configured to dial 
out to a particular telephone number at a predefined location. These systems do 
not provide a convenient way for relocating a control facility to a different site or 
to any arbitrary site. Similarly, the hard-wired systems require expensive 
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reconfiguration if either the control facility or the monitored location is moved. 
Moreover, the prior art security systems suffer bandwidth limitations and the 
need for expensive transmission apparatus. 

There are several typesS of networked security systems in the prior aiL 
U.S. Patent No, 4,876.S97» assigned to ADT Security Systems, Inc., Parsippan>', 
Mew Jersey {'591 herein), is representative of one type of prior art system. The 
*597 patent describes a video observation system wherein a scene to be monitored 
at a remote location is captured as a series of still images. The monitoring of 
freight trains is cited as an application of this system. If the observer is at a 
location remote from the point at which the images are taken, the patent states 
chat various techniques can be used to facilitate transmission of the imagt^ 
information (preferably in digital form) through relatively low cost transmission 
links such as voice grade telephone lines. This patent represents conventionsd 
systems that use telephone lines for the transmission of security data from a 
monitored location to a control facility, 

U.S. Patent No. 5,699,276 describes a utility meter interface apparatus for 
loieasuring utility usage at a residential location. A computer is connected to the 
utility meter and provides an interface between a communication network and a 
device located inside the home. The disclosed system relates to remote utility 
meter reading and remote load management. The system includes a network 
interface that may be cxiupled to a digital service network, that communicates, for 
example, via satellite, wireless communication, fiber-optic cables, coaxial cableii, 
or twisted pair telephone lines. Although this system describes the use of variouis 
types of network infrastructures, the system nevertheless is confined to a 
predefined relation between the monitored location and the control facility. 

U.S. Patent No. 5,684,799 describes a full-service network having a 
distributed architecture. The video disnribution network consolidates video 
streams from different information providers and outputs a consolidated signal 
onto a transport ring. The digital information is transmitted using asynchronous 
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iiansfer mode (ATM) and RF distribution over a hybrid-fiber-coax local loop 
distribution. Again, this patent describes a system using an expensive proprietary/ 
network infrastmcture. 

U-S, Patent No. 5,675,390 describes a home entertainment system 
combining complex processor capability with a high-quality display. This patent 
lelates to a home entertaimng system having a high-quality monitor to display 
digitally received broadband video without a loss of signal quality. The system 
provides a multipurpose computer system to control consumer electronics such as 
II large monitor or television. The circuitry also provides audio and video tuning 
capability. In one described embodiment, liigh-quality video signals are received 
I'roro satellites broadcasting digital video signals, digital cable signals, and other 
wireless digital broadcasts. A computer system with a card inserted therein 
includes a satellite tuner, digital demodulator, and a means to capture video, 
audio, and data in a form which a personal computer can process. The system 
:dso provides support for remote control of both the personal computer and th<t 
monitor functions in the personal computer. 

U.S. Patent No. 5,648,966 describes a method of senc^g an alarm to h 
network management station when an unusual event occurs in a managed 
network station. This patent represents a class of technology related to the 
administration of a computer network. These specialized network managemeuiL 
systems provide a means for detecting network errors and for performing 
predefined procedures or notifications as a result of a network error. These 
systems are not analogous to the residential or commercial security monitoring 
imd control of the present invention. 

Thus, a networked security system for network-based monitoring and 
control of an environment is needed. 
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SUMMARY OF THE INVENTION 

A networked security system for network-based monitoring aad control of" 
an environment is disclosed. The networked security system includes: 1) a sit*;, 
control unit for monitoring and controlling devices in an environment, the site 
control unit further includes a site system controller for assembling dcvia? 
information into data packets for transfer on a network; and^ 2) a user system 
connected with the site control unit via the network for t^eiving the data packets, 
from the site control unit via the network and for processing the data packets for 
access by a networked user. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 illustrates a prior art computer network topology. 

Figure 2 illustrates the prior art architecture of a conventional computer 

system. 

Figure 3 illustrates the computer network architecture of the preferred 
embodiment. 

Figure 4 illustrates the network structure of the present invention in mon^ 

detail. 

Figure 5 illustrates the site system controller software architecture. 
Figure 6 illustrates the central station software architecture. 
Figures 7-1 1 are flowcharts illustrating the processing logic used by the 
present invention. 

nETATLED DESCRIPTION OF THE PREFERRED EMBODIMENT 

The present invention is a networked security system for network-based 
monitoring and control of an environment. In the following detailed description, 

4 
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numerous specific details are set forth in order to provide a thorougli 
understanding of the present invention. However, it will be apparent to one of 
ordinary skill in the art that these specific details need not be used to practice the 
present invention. In other circumstances^ well known structures, material:!, 
circuits, and interfaces have not been shown or described in detail in order not to 
unnecessarily obscure the present invention. 

Referring now to Figure 1, a diagram illustrates the network environment 
in which the present invention operates. In this conventional network 
architecture, a server computer system 100 is coupled to a wide-area network 
110. Wide-area network 110 includes the Internet, or other proprietary networks 
including America On-Line™, CompuServe™, Microsoft Network and 
Prodigy ™, each of which are well known to those of ordinary skill in the arl:. 
Wide-area network 1 10 may include conventional network backbones, long-haul 
telephone lines, Internet service providers, various levels of network routers, and 
other conventional means for routing data between computers. Using 
conventional network protocols, server 100 may communicate through wide-area 
network 110 to a plurality of client computer systems 120* 130, 140 connected 
through wide-area network 110 in various ways. For example, client 140 js 
connected directly to wide-area network 110 through direct or dial up telephone 
or other network transmission line. Alternatively, clients 130 may be connected 
through wide-area network 1 10 using a modem pool 1 14. A conventional modem 
pool 1 14 allows a plurality of client systems to connect with a smaller set of 
modems in modem pool 114 for connection through wide-area network 110. En 
another alternative network typology, wide-area network 110 is connected to a 
gateway computer 112, Gateway computer 112 is used to route data to clients 
120 through a local area network 116. In this manner, clients 120 can 
communicate with each other through local area network 116 or with server 100 
through gateway 112 and wide-area networic 110. 
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Using one of a variety of network connection means, server computer 100 
can communicate with client computers 150 using conventional means. In a 
particular implementation of this network configuration, a server computer 100 
may operate as a web server if the World-Wide Web CWWW) portion of the 
Internet is used for wide area network 1 10, Using the HTTP protocol and the 
EtTML coding language across wide-area network 110, web server 100 may 
communicate across the World-Wide Web with clients 150. In this configuration, 
clients 150 use a client application program known as a web browser such as the. 
Netscape™ Navigator™ published by Netsc^e Corporation of Mountain View, 
CA, the Internet Explorer™ published by Microsoft Corporation of Redmond, 
Washington, the user interface of America On-Line™, or the web browser or 
HTML translator or any other well-known supplier. Using such conventiona] 
browsers and the World-Wide Web, clients 150 may access graphical and textual 
data provided by web server 100. Conventional means exist by which clients 150 
may supply information to web server 100 through the World- Wide Web 110 
and the web server 100 may return processed data to clients 150. 

Having briefly described one embodiment of the network environment in 
which the present invention operates. Figure 2 illustrates an example of a 
computer system 200 illustrating an exemplary client 150 or server 100 computer 
system in which the features of the present invention may be implemented. 
Computer system 200 is comprised of a bus or other communications means 201 
for communicating information, and a processing means such as processor 202 
coupled with bus 201 for processing information. Computer system 200 further 
comprises a random access memory (RAM) or other dynamic storage device 204 
(commonly referred to as main memory), coupled to bus 201 for storing 
information and instructions to be executed by processor 202, Main memory 204 
also may be used for storing temporary variables or other mtermediate 
information during execution of instructions by processor 202, Computer system 
200 also comprises a read only memory (ROM) and /or other static storage device 

6 
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206 coupled xo bus 201 for storing static infoiroation and instructions for 
processor 202. 

An optional data storage device 207 such as a magnetic disk or opticial 
disk and its corresponding drive may also be coupled to computer system 200 for 
storing information and instructions. Computer system 200 can also be coupled 
via bus 201 to a display device 221, such as a cathode ray tube (CRT) or a liqui d 
crystal display (LCD), for displaying information to a computer user. For 
example, graphical depictions of a business card and other types of graphical or 
textual information may be presented to the user on display device 221. 
Typically, an alphanumeric input device 222, including alphanumeric and other 
keys is coupled to bus 201 for communicating information and/or comma] hd 
selections to processor 202» Another type of user input device is cursor control 
device 223, such as a conventional mouse, trackball, or other type of cursor 
direction keys for communicating direction information and command selection 
to processor 202 and for controlling cursor movement on display 221 , 

Alternatively, the client 150 can be implemented as a networic computer 
or thin client device, such as the WebTV Networlcs™ Ihtemet terminal or tlie 
Oracle™ NC. Client 150 may also be a laptop or palm-top computing device, 
such as the Pahn Pilot^, Such a network computer or thin client device does not 
necessarily include all of the devices and features of the above-describ<;;d 
exemplary computer system; however, the functionality of the present invention 
may nevertheless be implemented with such devices, 

A communication device 225 is also coupled to bus 201 for accessisig 
remote computers or servers, such as web server 100, or other servers via the 
Internet, for example. The communication device 225 may include a modem, a 
network interface card, or other well known interface devices, such as those usid 
for interfacing with Ethernet, Token-ring, or other types of networks. In ajriy 
event, in this manner, the computer system 200 may be coupled to a number of 
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servers 100 via a conventional network infrastructure such as the infrastructures 
illustrated in Figure 1 and described above* 

The present invention includes hardware and various processing steps, 
which will be described below. The steps of the present invention may be 
enfibodied in machine or computer executable instructions. The instructions cain 
l)e used to cause a general purpose or special purpose processor, which i^: 
]>rogrammed with the instructions to perform the steps of the present invention, 
Alternatively, the steps of the present invention may be performed by specific 
hardware components that contain hard wired logic for performing the steps, or 
by any combination of programmed computer components and custom hardware 
components. While embodiments of the present invention will be described withi 
reference to the World-Wide Web. the method and apparatus described herein is 
equally applicable to other netwoiic infrastructures or other data communications; 
systems. 

Referring now to Figure 3» a preferred embodiment of the network 
configuration of the present invention is illustrated. In the preferred embodiment, 
users at one of a plurality of user systems 314 and administrators at one of 
plurality of central stations 316 may access one of a plurality of site control unit<i 
320 to monitor and control devices 322 at one of a plurality of sites 312 bein;^ 
monitored via the Internet 310. User system 314 can be used by anyom^: 
authorized to access devices 322 at site 312. There can be one or a plurality of 
tiser systems 314, The term "users" or "system users" denotes herem an operator 
of a user system 314, Central station 316 is an administration site, which validates; 
the operation of the networked security system and the authority of those usinjj; 
the system. There can be one or a plurality of central stations 316. The ternn 
**adniinistratoi" or "central station user" denotes herein an operator of a central 
station 3 1 6, The central station 316 uses one or a plurality of databases 3 17 either 
resident within central station 316 or, as shown in Figure 3, residing on a 
network-accessible database server 317. The database 317 is used for storage of 

8 
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device status information from monitored site 312 or user information related to 
users of user system 314. Database 317 may be any of a variety of convenuonal 
ODBC-compliant databases, such as Microsoft Access, Oracle 8, or a SQL 
server, It will be apparent to those of ordinary skill in the art that database 317 
may represent a plurality of databases » Providing a plurality of databases allow<i 
the system to support a plurality of redundant central stations 316. 

As described above, user system 314 and central station 316 may Ix; 
implemented as conventional computer systems with network access capability, 
such as the exemplary system shown in Figure 2. Site control unit 320 may also 
be implemented as a conventional computer system, a conventional alarm panel, 
or a set-top box as described above. Software for implementing the pieseiiit 
invention runs on user system 314, central station 316, and on site control unit 
:J20. 

In general, the present invention provides a means and method for 
networked-based monitoring and control of a site accessible via the Internet* The 
preferred embodiment can be connected to the Internet and a conventional alarm 
panel. The system performs the control functions and makes monitoring 
information available to any authorized users on the Internet. For commercial 
users, the system is typically connected to a local LAN 116 and data packets are 
routed onto the Internet, For residential users, the system may connect directly to 
die Internet via a conventional Intemet service provider (ISP), or users may 
connect to the Internet through central station 3 16, which may act as an ISP using 
conventional methods. In either case, a networked security system for network- 
based monitoring and control of an environment is provided. The networked 
security system includes: 1) a site control unit for monitoring and controlling 
devices in an environment, the site control unit further includes a site system 
controller for assembling device information into data packets for transfer on the 
network; and, 2) a user system connected with the site control unit via the 
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network for receiving the data packets from the site control unit via the network 
and for processing the data packets for access by a networked user. 

It is important to distinguish two basic models for accessing the monitored 
site 312 through the Internet. First, in a self-raoniioring model, users of us«r 
systems 314 communicate through the Internet directly with a Web server within 
site control unit 320. In this manner, a user may directly monitor or control 
devices at a site 3 12 of interest. Using the system components described belov/, 
the user in a self-monitoring model is presented with a user interface on user 
system 314 providing the user with a full set of controls and real-time monitoring 
and stams information for monitoring and controlling site 3 12. 

The second type of access model is a station monitoring model. In the 
station monitoring model, a Web server within central station 316 collects 
information from site control unit 320 and stores this information in a databa^^ 
317, This collected information includes configuration and status information for 
the site control unit and user, information including accoimt and usttr 
configuration information. The database 317 allows central station 316 to 
maintain complete and current stams, as well as a. status history, for all 
monitoring and control devices 322 at monitored site 312, Given that there ni;iy 
be many monitored sites 312, central station 316 keeps the information in 
database 317 up to date for each of the plurality of monitored sites 312. Users of 
user systems 314 may directly access the site control unit 320 in self-monitoring 
model, or users may query the stams of a monitored site 312 by querying 
database 317 updated as a result of the station monitoring model. 

Refeiring now to Rgure 4, an architectural block diagram illustrates in 
detail the functional blocks of the preferred embodiment. On the user side, the 
user system 314 computing system includes a Web interface 414, which includd^s 
a conventional Web client. The Web Interface 414 may be implemented on a 
standard browser 416, such as one of the browsers listed above. These 
components provide network 310 or Internet access for the user system 314. By 
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use of these components, a user is presented with and able to manipulate a 
graphical user interface (GUI) generated by the site control unit 320 in a manni-T 
described in more detail below. The user of user system 314 may also access 
database 317 via network 310. 

As illustrated in Figure 4, the site control unit 320 at the site 312 being 
monitored or controlled includes a site system controller 420. The site system 
controller 420 contains the bulk of the software for driving the system of die 
present invention. This software is described in more detail below in connection 
with Rgurc 5, 

The site system controller 420 can be coupled with several different types 
of convendonal devices for controlling a variety of different types of monitoring 
and control devices. For example, as shown in Figure 4, site system controller 
420 can be coupled with a conventional alarm panel 430, which is coupled wirh 
an array of conventional monitoring and control devices 322. In the preferred 
embodiment, several conventional alarm panels 430 may be used, such as tlie 
FEIOO or 685 units by Ademco^, the Martonics, SAFECOM, or Concept 
1000/2000/3000 panels. In general, these conventional alarm panels include at 
least two external interfaces: a control interface 428 and a telephone line interface 
427. As well known to those of ordinary skill in the art, the control interface 428 
is a standard interface using a conventional protocol for enabling the alarm panel 
430 to be programmed and controlled by a field service engineer. This control 
interface 428 is connected with a compadble interface in the site system 
controller 420, The telephone line interface 427 of the alarm panel is also a 
conventional alarm panel interface for reporting digital alarm and status 
information to a central facility. In the preferred embodiment^ this telephone 
interface is connected to a compatible interface of the site system controller 420. 
In the preferred embodiment, several conventional monitoring and control 
devices 322 may be used with the present invention. These control devices 322 
include, but are not limited to: window / door sensors^ door openers, access 
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control devices, fire / smoke / chemical / temperature / pressure detectors, electix>- 
mecbanical devices, lights, automatic sprinklers^ and keypads. In addition, the 
monitoring and control devices 322 include other types of devices includiag 
video cameras or other video sources, video cassette recorders (VCRs). audio 
sources^ infrared (IR) programmable devices, or other types of monitoring or 
control devices. It will be apparent to those of ordinary skill in the art that the 
functionality of the site system controller 420 and the functionality of the alai:rti 
panel 430 may be integrated into a single unit. 

As shown in Figure 4, site system controller 420 can also be coupled widi 
a conventional device controller 432, such as a CMllA device controller 
manufactured by X-10 (USA) Inc. of Qoster, NJ. Such conventional devices may 
be programmed to control a variety of devices 322, such as the devices set fonth 
be example above. These control devices 432 typically include a serial data 
interface for transferring data and control messages to/from the device. In tiie 
prcfened embodiment, the site system controller 420 is coupled to tlie 
conventional device controller 432 via this serial interface. It will be apparent r.o 
those of ordinary skill in the art that a variety of conventional control devices msiy 
be coupled to the site system controller 420 using conventional types of 
interfaces* 

The site system controller 420 may also be configured to include a 
conventional video controller card 434, a conventional audio controller card 436^ 
and a conventional IR controller card 438. These controllers, typically 
implemented as circuit cards housed within site system controller 420, may l:ie 
used to receive and process corresponding video and audio data from devic«ts 
322. The conventional IR controller 438 may be used to produce IR command 
signals for programming devices 322 having an IR receiver. Controllers 434, 43(5. 
and 438 typically include firmware or software drivers for programming tlie 
controllers via software within site system controller 420. It will be apparent to 
one of ordinary skill in the art that one or more of the control devices 430, 432, 
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434, 436, or 438 may not be present in a particular implementation, yet the 
present invention still retains a level of functionality corresponding to the 
included control devices. 

Site System Controller Software 

Referring now to Figure 5, the site system controller 420 software 
architecture 520 is illustrated. The site system controUer software 520 includes an 
embedded Web server 424 for accepting service requests from a user system 314 
or a central station 316. This software component may be implemented using a 
conventional Personal Web Server as developed by Microsoft Corporation of 
Redmond, Washington or the WebSite Server produced by O'Reilly Associates. 
l*he site system controller software 520 also includes an embedded event servei' 
512. The event server 512 provides a means by which the site system controller 
420 automatically obtains updated status information from one or more control 
devices 322 and forwards the status information to one or more central stations 
316 or one or more databases 317 at pre-configured time intervals- 

The site system controller software 520 further includes a graphical user 
interface generator (GUI) 513 for providing a user with a graphical means for 
monitoring and controlling the environment at the site 312. The graphical user 
interface generator 513 of the site system controUer software 520 includes .'i 
means for displaying and controlling the selection and manipulation of 
abstraction images or icons that represent objects faruiUar in the site 312 setting. 
These abstractions can be manipulated by the user to activate and control 
corresponding control devices 322 at the site 312. The abstraction images and the 
other displayed components of the GUI 513 are constructed mainly in the sitt: 
system controller 420 as conventional Web pages coded in a conventional coding 
language such as the Hypertext Markup Language (HTML). These Web pages of 
(3UI 513 are transferred to user system 314 or central station 316 via network 310 
and displayed to a user or administrator via the browser 416. 
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The site system controller software 520 further includes a Common 
Application Language Interface 514 (CAL) published by the CEBus Committee 
of the Electronic hidustry Association (EIA), Specification EIA-600, first 
published in 1992. This conventional interface provides a generic object interface 
for manipulating objects corresponding to control devices 322, or portions 
thereof. The CAL interface is also described in the "CEBus Standard User's 
Guide, Grayson Evans, May, 1996. The CAL interface is a basic description of a 
set of abstract base classes for Object Oriented programming. The base clas$ti;s 
detail the data and meihods for representing monitoring/control devices such a;i, 
televisions, VCRs, hghts, dimmers, and security panels* If necessary, the CAL 
interface 514 translates a user or adnainistraior action request into one or more 
device controller-specific commands for implementing the action request on a 
particular set of installed device conttollers 321. In the prefeired embodiment. 
Common Object Modules (COM or DCOM) are used to invoke the appropriate 
CAL object interface corresponding to the particular action request. COM is a 
conventional methodology (or approach to programming) in which the 
implementation and the interfaces are separated in a very specific manner. The 
approach yields a true separation between how something works and the interface 
to it. COM is often used for programming in a Microsoft Win32 Application 
Program hiterface (API). It allows different versions of systems to co-exist on 
the same platform. A description of the conventional COM system is found in, 
'T)ale Rogerson; Inside COM, Microsoft's Component Object Model; Microsoft 
Press; 1997." 

The site system controller software 520 further includes a real time event 
manager 516 for responding to alarms and other events occiming in one or mot^ 
of the control devices 322. The real time event manager 516 receives an alert 
from one or more control devices 322 via a device controller 321 and perfom:iS 
one or more tasks or actions in response to the alert. The tasks performed in 
response to a particular alert are pre-configured in the real time event managi-jr 
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516 by the admitiistrator The tasks may include; sending an email message to a 
defined address, calling a pager, sending an error message, posting a databa<:e 
entry, or other types of actions, 

The site system controller software 520 further includes a device model 
518 for handling ±e device controller specific interfaces. For example, a 
particular device controller 321 may be an X 10 device having an XIO type 
interface. Alternatively, a LonWorks controller having a LonWorks interface 
developed by Echelon Corporation, Palo Alto^ Ca, may be used. The device 
model 518 insulates the higher level software components of the site system 
controller software 520 from the device-specific details of the device controller 
321 interface. 

The site system controller software 520 is supported in the 
preferred embodiment by the Windows 95 or Windows CE operating system 505 
developed by Microsoft Corporation of Redmond, Washington, The Windov/s 
operating system is well-known to those of oidinaiy skill in the art. The operating 
system 505 of the preferred embodiment includes a conventional Secure Socket 
Layer (SSL) 506 component for handling secure data transfers between the site 
control unit 320 and user system 314 or central station 316. 

Referring now to Figure 6, the software components 610 of the centrid 
station 316 are illustrated. In the preferred embodiment, the central station 316 
may act as a Web client or a Web server. For this reason, the central station 
contains both a conventional Web client 614 and a Web server 612. Both the Web 
server 612 and the Web client 614 are layered on a conventional browser 616 as 
described above. The central station 316 also includes a database server 618 for 
accessing database 317. As described above, database 317 is used for storage of 
device status information and user information. The Web server 612 of the central 
station 316 is used to collect information from the site control unit 320 and lo 
cause the storage of this collected information into the database 317. The Wi^b 
client 614 of the central station 316 is used to access the database 317 to retrieve 
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and display device or user information. The Web client 614 is further used to 
directly access a site control unit 320 to configure a device, check status of <i 
device, or control a device at a monitored site 312. It will be apparent to those of 
ordinary skill in the art that the software components of the central station 31(i 
and database 317 may be implemented on the same hardware platform or 
different hardware platforms as desired in a particular implementation. 

Referring now to Figures 7-1 1^ flowcharts illustrate the processing logii; 
of the present invention. Figures 7-9 illustrate the interaction between the 
processing logic in the user system 3 14 and the site system controller software 
520 for implementing the preferred embodiment. Figures 10 and 1 1 illustrate tbu. 
interaction between the processing logic in the central station 316 and the siti:. 
system controller software 520 for implementing the preferred embodiment. 

Referring now to Figure 7, the fu*st portion of the processing interaction, 
between the user system 314 and the site system controller software 520 h 
illustrated. Initially, a user at user system 314 invokes a conventional browser 
416 (block 710), The browser makes a request to a Domain Name Server (DNS) 
for a look-up of the requesting user's name. In addition, an IP address of a siOf! 
control unit corresponding to the user is obtained from the DNS (block 715). The 
user system 314 then makes an access to the user*s site control unit 320 (SCU) 
using the retrieved IP address. In response, the Web server 424 of the SCU 320 
returns a challenged-based request to the user system 314 via a Secure Socket 
Layer (SSL) 506 transaction (block 720). SSL is a conventional protocol. M 
response to the challenged-based request from the SCU 320, the user system 314 
responds to the SCU 320 with a secure response that requests access to the SCU 
320 by the user of user system 314 (block 725), If the user is granted access to the 
SCU 320 on the basis of previously established authorization criteria for the usei% 
processing paih 735 is taken lo the bubble labeled A shown in Figure 8. If access 
to the SCU 320 is denied, processing path 740 is taken back to block 715 where 
the user may enter new identifying information to obtain access to the SCU 320, 
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Referring now to Figure 8, processing for the user system / site control 
unit processing continues at bubble A. At this point, the user has gained access to 
Iiis/her SCU 320 via the browser of user system 314. The GUI 513 of site control 
unit 320 responds to the user system 314 access with the first of a set of HTML 
encoded Web pages of the SCU graphical user interface (GUI 513). These Web 
jiages are transferred to the user system 314 and displayed by browser 416 (block 
810), Using conventional browser tools, the user may navigate through these Web 
pages of GUI 513 and select one or more of the symbols and objects presented on 
ihese Web pages (block 815). The symbols and objects generated by GUI 513 
md displayed at the user system 314 represent abstraction symbols and objects 
that each correspond to an individual or set of control devices supported by that 
particular site control unit 320, The user may navigate to a particular abstraction 
symbol of interest and select the abstraction symbol using browser 416 (block 
820). In response to the selection of the absuraction symbol at user system 314, aji 
action request message is sent to the site control unit 320 (block 820). In response 
to the receipt of an action request message, the SCU 320 invokes a CAL object 
interface corresponding to the action request message, which corresponds to the 
selected abstraction symbol (block 825). The invoked CAL object interface of 
CAL Interface 514 causes a message to be sent to activate a corresponding driver 
interface through device model 518 (block 830). The activated driver interface 
conresponds to the action request received from the user system 314, The 
activated driver interface activates a corresponding driver and causes the driver to 
issue a controller level command to perform the specified action on the specified 
control device of control devices 322 through controllers 321. The specified 
action and the specified control device is identified using information in the 
action request message. Subsequently, hardware performs the controller level 
command to complete the specified action on the specified control device (block 
835). Processing continues at the bubble labeled B shown in Figure 9, 
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Referring now to Figure 9, processing for the user system / site contr<;>l 
unit processing continues at bubble B. At this point, the user has selected an 
abstraction symbol on the user system 314 and caused a corresponding action no 
be performed at site 312 through site control unit 320, The site control unit 320 
confirms completion of the controller level command and the action request by 
obtaining control device status for the activated control device from one of 
controllers 321 (block 910). The control device status and action request status is 
sent from the SCU 320 to user system 314. The updated control device stams Is 
reflected in the Web Pages of GUI 513 (block 915). Processing for the user 
system / site control unit in this illustrative example ends at block 920. 

Referring now to Figure 10, a first portion of the interaction between tlie 
processing logic in the central station 316 and the site system controller software 
520 is illuscraied. In this example, assume an event occurs in one of the connrol 
devices 322. Such an event could include a tripped sensor, an alarm activation, a 
status change notification, etc. As in a conventional alarm system, the event 
causes the alarm panel 430 to fault in an alarm condition (block 1010). The alarm 
panel 430 fault condition is detected by a sensor driver through device model 
518. The sensor driver passes the fault condirion to the real time event manager 
516 in the SCU 320 (block 1015). The real time event manager 516 detects thi-at 
the received fault condition is a security type of fault. A previously configured set 
of actions (i*e. an action request path) is initiated by the SCU 320 in response i:o 
this security fault (block 1020). Alternatively, a different action request path ro^iy 
be pre-configured in real time event manager 516 for handling other types of 
faults, such as fire events* status transitions, etc. In most cases, the action request 
path will include a step of updating database 317 with information related to the 
fault condition. In this case, a database update request is sent by the SCU 320 to 
one or more IP addresses corresponding to one or more databases 317 and one or 
more central stations 316 (block 1025). Upon receiving the database update 
request, the central station 316 updates the database 317, The information in 
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database 317 corresponding to the faulted control device is updated to reflect itis 
new status (block 1030). Processing for the interaction between the SCU 320 and 
The central station 316 continues at the block labeled C shown in Figure 11. 

Referring now to Figure 1 1, the processing for the interaction between the 
SCU 320 and the central station 316 continues at the bubble C, At this point, the 
database 317 has been updated by central station 316 to reflect the new status of 
die faulted conu-ol device. Alternatively or additionally, the central station 316 
may alert its Web client software 614 to update database 317 across the network 
310 (block 1110). The central station 316 also performs the remaining tasks in the 
action request path corresponding to the subject fault (block 1115). For example, 
an action request path for a particular type of fault may include various methods 
01 notification including, sending an email to some predefined location to notify 
an individual of the fault, issuing a page or a telephone call, or other types of 
conventional actions in response to a fault. Finally, the central station 316 sends a 
status message back to the SCU 320 that originated the event The status message 
serves as acknowledgement to the SCU 320 that the central station 316 
satisfactorily bandied the event (block 1120), Processing for the interactioia 
between the SCU 320 and the central station 316 in this illustrative example 
terminates at block 1 125. 

Thus, a networked security system for network-based monitoring and 
control of an environment is disclosed. Although the present invention is 
described herein with reference to a specific preferred embodiment, many 
modifications and variations therein will readily occur to ±ose with ordinary skill 
in the art. Accordingly, all such variations and modifications are included within 
the intended scope of the present invention as defined by the following claims. 
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C LAIMS 
We claim: 

1 . A networked security apparatus comprising: 

a site control unit for monitoring and controlling devices in 
an environment, the site control unit funher including a site system 
controller for assembling device information into data packets for 
transfer on a network; and 

a user system connected with the site control unit via die 
network for receiving the data packets from the site control unit 
via the network and for processing the data packets for access by a 
networked user. 

2. The networked security apparatus as claimed in Claim 1 wherein 
the network is the Intemet. 

3. The networked security apparatus as claimed in Claim 1 wherein 
the site control unit funher includes a video capture unit for receiving 
video images and for digitizing the video images into a portion of the dahi. 
packets, 

4. The networked security apparatus as claimed in Claim 1 whereiii 
the site control unit fiirther includes an audio unit for receiving audio 
inptit and for digitizing the audio input into a portion of the data packets. 

5. The networked security apparatus as claimed in Claim 1 wherein 
the site control unit further includes a sensor input unir for receiving 
information from a plurality of sensors, 
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6. The networked security apparatus as claimed in Claim 1 wherein 
the site control unit further includes a device controller for sending control 
information to a plurality of control devices. 

7. The networked security apparatus as claimed in Qaim 1 wherein 
the site control unit further includes a graphical user interface generator 
for processing device information into displayable information. 

8. The networked security ^paratus as claimed in Claim 1 wherein 
the site control imit further includes a sensor input unit for receiving 
information from a plurality of sensors, the site control unit fiirthtir 
including a graphical user interface generator for generating displayable 
information including an abstraction symbol representing one or more of 
the plurality of sensors. 

9. The networked security apparatus as claimed in Qaim 8 wherein 
an activation of the abstraction symbol causes an activation of the 
corresponding sensor of the plurality of sensors. 

10. The networked security apparatus as claimed in Claim 8 wherein 
one sensor of the plurality of sensors is a video camera. 

11. The networked security apparatus as claimed in Claim 1 wherein 
the site control unit further includes a controller output unit for sending 
control information to a plurality of control devices, the site control unit 
further including a gr^hical user interface generator for generating 
displayable information including an abstraction symbol representing one 
or more of the plurality of control devices, 
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12. The ^etwo^ked security apparatus as claimed in Claim 1 1 wherein 
an activation of the abstraction symbol causes an activation of the 
conx^sponding control device of the plurality of control devices. 

13. The networked security apparatus as claimed in Qaim 11 wherein 
one control device of the plurality of control devices is a remotely 
controlled electrical power switch. 

14. The networked security apparatus as claimed in Claim 3 whcrc:in 
the site control unit further including a graphical user interface generator 
for generating displayable information derived from the information in lltie 
data packets, the graphical user interface generator further including a 
video module for displaying video images. 

15. The networked security apparatus as claimed in Claim I wherein 
the user system further includes a security module for validating the 
authority of a user prior to granting access to the site control unit. 

16. The networked security apparatus as claimed in Claim 1 fiirtl:ier 
including: 

a central station for communicating with the site contix)! 
unit and the user system via the network, central station furtlier 
including a database interface to a database, the database for 
storing information corresponding to the site control unit and the 
user system. 
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OBJECT INTERFACE CORRESPONDING TO THE 
ACTION REQUEST. 



820 



825 



THE CAL OBJECT INTERFACE CAUSES A MESSAGE 
TO BE SENT TO THE DRIVER INTERFACE 
CORRESPONDING TO THE ACTION REQUEST. 



830 



THE DRIVER CORRESPONDING TO THE DRIVER 835 
INTERFACE ISSUES A CONTROLLER LEVEL COMMAND 

TO PERFORM THE SPECIFIED ACTION ON THE 
SPECIFIED CONTROL DEVICE. HARDWARE PERFORMS 
THE CONTROLLER LEVEL COMMAND. 
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FIG. 8 
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o 



> 




THE COMPLETION OF THE COMMAND IS r 
VERIRED AND STATUS OF THE CONTROL DEVICE 
IS RETURNED TO THE SOU. 


> 


i 


THE SCU SERVER SENDS AN UPDATE 
REQUEST TO THE WEB CUENT OF THE USER f - 
SYSTEM TO REFLECT THE NEW STATUS OF THE 
CONTROL DEVICE. 


> 


f 930 



910 



END 
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CENTRAL STATION/SITE CONTROL UNIT 
PROCESSING LOGIC 





i 


A CONTROL DEVIC 
(E.G. A WINDOW SE 
THE SENSOR CAUSE. 
TO FAULT IN AN Al 


E EVENT OCCURS. 
NSOR IS TRIPPED} 
ST>^E ALARM PANEL 
ARM CONDITION. 



1010 



THE PANEL FAULT IS DETECTED BY A SENSOR 
DRIVER IN THE SCU. THE DRIVER PASSES THE 
FAULTTO TWE REAL TIME EVENT MANAGER 
IN THE SCU. 



1016 



THE REAL TIME EVENT MANAGER NOTES THAT 
THIS SAMPLE EVENT IS A SECURITY TYPE OF FAULT 

AND TAKES AN ACTION REQUEST PATH 
PREVIOUSLY CONFIGURED FOR THIS TYPE OF FAULT. 



1020 



THE ACTION REQUEST PATH CAUSES A 
DATABASE REQUEST TO BE SENT TO ONE OR 
MORE IP DATABASE ADDRESSES. 



1025 



THE APPROPRIATE CENTRAL STATION RECEIVES 
THE DATABASE REQUEST AND UPDATES THE 
DATABASE ENTRY. 



1030 



0 



FIG. 10 



SUBSTITUTE SHEET (RULE 26} 

PAGE 62164 * RCVD AT 2110/2005 3:57:38 PM [Eastern Standard Time]* SVR:USPT0-EFXRF-1/2 * DNIS:8/29306 * CSID: * DURATION (mm-ss):15-30 



2005-02-10 16:21 Froni-ROPES & GRAY 



T-189 P. 063/064 F-955 



WO 99739505 



PCT/US9'')/01S03 



11/11 




THE APPROPRIATE CENTRAL STATION ALERTS 
THE WEB CUENT SOFTWARE TO HANDLE THE 
REAL TIME UPDATE. 



1110 



THE APPROPRIATE CENTRAL STATION PERFORMS 
USER DEFINED ACTIONS IN RESPONSE TO THE 
FAULT EVENT. (E.G. EMAIL, PAGE, PHONE) 



1115 



THE CENTRAL STATION SENDS A STATUS MESSAGE 
BACK TO THE SOU AT WHICH THE FAULT OCCURRED 
TO CONFIRM THAT THE APPROPRIATE ACTION 
WAS TAKEN IN RESPONSE TO THE FAULT. 
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END 



^ 1125 



FIG. 11 



SUBSTITUTE SHEET (RULE 26) 

PAGE 63164 ' RCVD AT 2110/2005 3:57:38 PM [Eastern Standard Time] * SVR:USPT0-EFXRF-1/2 * DKIS:8729306 * CSID: * DURATION (ntin-ss):15-30 



2005-02-10 16:21 



Froni-ROPES i GRAY 



T-189 P. 064/064 F-955 



INTERNATIONAL SEARCH RJEPORT 



IiUCffiatbiuU application No. 
PCT/US9&/01803 



A. CLASSIFICATION OP SUBJECT MATTER 

IPC(6) tH04N 7/18> 9/47; 7/10, 7/14 

US CL :34S/327; 34S/21U 153, 159, 152, 154, 143 
Aocortfing xo Intenucional Fhxm Ciwirpcation (IPC) or to both natlorwl claasification and IPC 



FIELDS SEARCHED 



Muiiniuni documcntatton searched (olossinoation uynpcm follow^ by ohusification syrnbols) 
U.S. : 



DQcuTncntation searched other than tuiniinuni dacumcomdon to tho cxteatthat such documcnU arc included in the fiekla i«an;h^ 



Elccmnuc «iata base couBuhed during Iho imcmiuioniit scorch (name of data ba«c ajid, ^crt prACticoblo, search icnin* UB«d) 
APS - camera, internet, sefuors. cobudU packets, video, audio, accariiy, auveiUancc 



DOCUMENTS CONSIDERED TO BE RELEVANT 



Category' 



X 
Y 
A 
Y 

A 
A 



Citation of document, with iodieatioii, where appropriate, of ihe iclevant passages 



US 4,962,473 A (CRAIN) 09 October 1990, col. 4, lines 21-69, col. 
5 lines 1-68, col. 6, lines 1-55, col. 8, lines 56-68, col. 9, lines 1-50 



US 5,206,732 A (HUDSON) 27 April 1993 

US 4,992,866 A (MORGAN) 12 February 1991, col. 5, lines 11-48, 
fig. 2 

US 5,583,796 A (REESE) 10 December 1996 
US 5,491.511 A (ODLE) 13 February 1996 



Rdevant to claim No. 



1-7, 14-16 



8-13 
M6 
&-13 

1-16 
1-16 



I I Further documents are lifted in the coniuiuation of Bo)i C. ( ] Sm patent famiiy annex. 



!lp«aial octf goria of cited dcKuravAU: 

itocimenl doTrnkn tha gMianl Vmlm of On ^ whl«4l U AOteoQihtored 
t« b4 of piflifiutir nUv uki 

bDliv dDouiaonl piiblUhsd 00 or ftftAf tiia wtflnmUooel ftlins dnts 

• l4CU»«nt wbioh mmy throw doubU to priPt'wy «t«lnl{l} Of wKicl) ft 
m\U4 ta ciUbluh tbfl |iufalio«ljim dote bf cnMllor tiUMA or 

ilonuBtot n{«Tnn« lo w vtti diKloitiri. uii. axtubition or other 



Oocumooi publiifaed f>r»f to tb» tnlvmiUontt filipg 44td but |»l0r thin 
prio n^ data BlBbnid 



1«wr ^BunonL pubUihed tUar the biionuilonp} nitnn diio or ptiotiif 
4^14 wi not in Qonnwl with Ih* illl4fi"tanti 
ihs prinaipls at OigOty undniy'lOB ^ tnvcnlkiti 

dooummt q{ paniea\v rckvinca; tba oUirnvd inveritioQ cbiwiifI bq 
ooniiderod rtOVcl or ctmot ba ccxuidered to ijivolv* mt invQntiv* titp 
when (ho d««tuw«w ii ukcn ikxie 

doaira«nt of p^flieuUr rvleruioa; Ow «llim'4 inTuitian BUmOt h« 
vOftftibrtd *a iqvohF« ut iovmliVv itop vTiab Uia dDCiMAt V 
coMbinod with ora or mon other ftuoh doounenti. tuch eoabinnion 
tamg obviotu to a peritxi ikitM m the tn 

dDcumBiit mambcr ef ihe Mine pstcnt f am fly 



Date or tlic actual complctian of the international search 
21 MAY 1999 



Name and mailing address of Lhc ISA/ US 

CDrntniaaioncf of PalcnU IzkI Tra*l<lrtiark» 

Bq)( PCT 
Facsimile No. (703) 305-3230 



Date of maiLing of thfi Lniemalional ssrch rcpon 

15JUN1999 



Aulhorizcd afTiccr 
Vivcic Srivajtavft 



Telephone No, (703) 305 - 4038 



PAGE 64/64 ' RCVD AT 2/1012005 3:S7:38 PM [Eastern Standard Time] * SVR:USPT0-EFXRF-1/2 * DNIS;8729306 * C8ID: * DURATION (mm-$s):15-30 



